Commit 945bfaa8 authored by Sylvain Thénault's avatar Sylvain Thénault
Browse files

use xml_escape

parent 75ab08a4dabf
......@@ -8,7 +8,7 @@ __docformat__ = "restructuredtext en"
_ = unicode
from logilab.mtconverter import html_escape
from logilab.mtconverter import xml_escape
from cubicweb import Unauthorized
from cubicweb.selectors import implements
......@@ -29,7 +29,7 @@ class BasketPrimaryView(baseviews.PrimaryView):
def display_title(self, entity):
self.w(u"<span class='title'><b>%s : %s</b></span>" % (
self._cw._(self.entity_name), html_escape(
self._cw._(self.entity_name), xml_escape(
def display_content(self, entity):
rset = self._cw.execute('Any I WHERE I in_basket B, B eid %(x)s',
......@@ -91,14 +91,14 @@ class BasketBox(box.UserRQLBoxTemplate):
def build_inbasket_link(self, box, basket):
rset = basket.related('in_basket', 'object')
title = u'%s <span class="basketName">%s</span> (%s)' % (
_('view basket'), html_escape(, len(rset))
_('view basket'), xml_escape(, len(rset))
box.append(self.mk_action(title, basket.absolute_url(),
return rset, [row[0] for row in rset]
def build_add_link(self, box, basket, addable, rql, vid):
title = u'%s <span class="basketName">%s</span>' % (
_('add to basket'), html_escape(
_('add to basket'), xml_escape(
linkto = u'in_basket:%s:object' % '_'.join(addable)
msg = _('selection added to basket')
url = self.build_url('edit', eid=basket.eid, rql=rql,
......@@ -108,7 +108,7 @@ class BasketBox(box.UserRQLBoxTemplate):
def build_delete_link(self, box, basket, inbasketeids, rql, vid):
title = '%s <span class="basketName">%s</span>' % (
_('reset basket'), html_escape(
_('reset basket'), xml_escape(
delete = '%s:in_basket:%s' % ('_'.join(str(eid) for eid in inbasketeids),
msg = _('Basket %s emptied') %
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment